This year, “hackers have broken into the State Department server, stolen nonpublic details of President Barack Obama’s calendar, and obtained more than 21 million background security clearance forms held by the Office of Personnel Management.” And now, CIA Director John Brennan’s personal email account has been compromised, according to the WSJ. A few things you should know about this…
- First, personal email is not protected by the same security policies as John’s work email. Our hope is, he is not using his email the same way Hillary is.
- Second, this highlights the importance of Hillary’s email problem. Using personal email for business is never a good idea, especially when you work for the Government, or your work falls under some other compliance regulation such as HIPAA or GLBA.
- According the WSJ report, John does use his email for some CIA activities – at least the hacker has apparently released some documentation including, “a purported contact list of 2,611 email and instant message addresses, including information for top intelligence and national security officials.”
- This documentation may also contain, “government email addresses of 22 CIA employees, as well as those for numerous other high-ranking officials and people well-positioned in intelligence and national security agencies.”
Using work email for personal business is one thing, but using personal email for business, especially when employed by a government agency like the CIA, FBI, NSA, etc., is unthinkable. Of course the CIA would not comment, so the details are unknown at this point. But this is a major embarrassment to the CIA organization if this all turns out to be true.
© 2015, David Stelzl
PS. If you’re interested in discovering how to sell more security, and convert more of your security assessments to project and MSSP business, check out my latest book, The House & The Cloud, 2nd Edition on Amazon!